09

Question 1

______ is an open standard protocol for accessing object-oriented databases, known as Directory servers

port _____

Answer 1

LDAP

389

Question 2

The ______ model is based on the structure of the directory

• the structure of a directory:

________ most fundamental item in a directory; these are items such as users, groups and computers.

_________ charecteristics of objects

_________ set of rules or structure that efines objects

_________ logical grouping of objects or type of class object (by organizational structure, groups, etc)

______________ used for organizing objects, unable to link group policies directly to them

___________ used for organizng objects and able to link group policies to them.

_________ contains OUs, containers, and objects and provides the ability to link a group policy to them as a single entity

___________ may be used as user logon name for the domain. combines usernames and DNS name; commonly used as an email address.

Answer 2

information

object

attribute

Schema

Classes

Container

Organizational unit (OU)

Domaions

User Principal name (UPN)

Question 3

The ______ model deals with organization of the data and objects within a database.

What are the two names used to reference an object in a directory/domain?

_______________ ________ contains the relative distinguished name and location within the LDAP directory

_________________ _______ portion of the name that does not realte to the directory structure. It is unique to each level

The LDAP standard __________ defines classes of objects

Answer 3

Naming

Distinguished name Full name

Relative distinguished name Common name

RFC-1777

Question 4

What are the object class identifiers that active directory uses?

___ Users, groups, computers, printers, containers, etc

___ Organizational unit object class

___ domainDns object class; identifies the domain name Hierarchy

Answer 4

CN

OU

DC

Question 5

Every directory object has an LDAP DN, which indicates the object’s full path. Active directory uses DN to allow clients to retrieve directory information T/F?

Answer 5

T

Question 6

The ____________ model provides information that details what actions are allowed with the database

___________ Operations are for initiating and authenticating a session to the LDAP server. The primary operation performed is ______

___________ how the database or directory is searched. ________ is the primary operation

________ used for data modification including add, modify, and delete

Answer 6

Functional

Authentication, bind

Interrogation, Search

Update

Question 6

_____________ is Microsoft’s implementation of LDAP directory services.

What are the benefits of it?

FIEP SRSI

Answer 6

Active Directory

Flexible querying
Intergration with DNS
Extensibility
Policy-based administration
Scalability
Replication
Security
Interoperability

Question 7

Where is active directory contained?

Answer 7

\Windows\NTDS\Ntds.dit

Question 8

A Domain name server running a server OS that does not have AD installed is referred to as a _________________

____________ server as boundaries for authentication and policy and must have a unique namespace

A server OS with active directory installed is called a ____________

Answer 8

Member Server

Domain

Domain Controller

Question 9

_______ are used to represent the physical topology of the network, used to configure and optimize replication between physically dispersed domain cointrollers.

What are the three benefits of this?

SNP

Answer 9

sites

Enables clients to effectively discover services

Enables network traffic control tp optmize replication between domain controllers and maximize data avaliability

Enables policy application; Group Policy Objects may be linked to sites.

Question 10

A _________ is one or more domains sharing a common schema, where the first domain created is the forests root domain

A ________ consists of one or more domains that may be grouped together to form hierarchical structures

Answer 10

Forest

Tree

Question 11

A _________ is a relationship established between domains to enable users in one domain to access resources in another domain

Answer 11

trust

Question 12

What are the two different types of trusts?

________ ________ When domain A trusts domain B and domain B trusts domain C, then memebers of A have access to resources in C if they have the correct permissions. Configured between parent/child domains and between root domains in a forest

_______ ________ _______ Between two forests, manually created
_______ Between two distant child domains; used to
improve logon.
________ Access between two active directory
domains located in different forests (no
forest trust exists)

Answer 12

Transitive Trust Automatic

Non-transitive Trusts External trusts configured manually
Forest
Shortcut
External

Question 13

Within a Forest-wide query ______ is used to search for resources. It does this with its implementation in a domain controller and uses ______________ to identify those resources.

it uses ports ________ and __________

Answer 13

GC Global catalog
DN Distinguished Names

TCP 3268 or 3269 (SSL)

Question 13

What ports does PS use for communication?

__________ = HTTP

_________ = HTTPS

Answer 13

TCP/5985

TCP/5986

Question 14

What are the two types of sessions PS remoting creates?

_______________ Remoting cmdlets like _____________ or Enter-PSSession specify a computer name by using the _______________ parameter. PS establishes a session, executes commands, and then shuts down the connection.

______________ A PS remoting session that persists until manually terminated by the user. The ______________ cmdlet establishes a perssitent session. The _____________ cmdlet removes the session when no longer needed. To view current persistent PS sessions, use the _____________ cmdlet.

Answer 14

Ad-Hoc Session
invoke-command
Enter-PSSession
-Computername

Persistent session
New-PSSession
remove-pssession
get-pssesssion

Question 15

The execution policy in a PS Remote session determines what can be accomplished during a PS Remote Session

PS does not execute anything under a super-privliged account like local system T/F?

Answer 15

T

Question 16

Steps of a Domain Logon?

If credentials match, kdcsvc.dll returns relevant information to the workstation.

Access token is passed to winlogon.exe.

LSA uses kerberos.dll authentication package to send user credentials to the domain
controller

The domain controller’s lsass.exe uses kdcsvc.dll to verify credentials with Active
Directory.

Workstation’s LSA creates access token with information received.

Userinit.exe launches explorer.exe with a copy of user’s access token; userinit.exe
exits.

Winlogon.exe receives SAS and starts LogonUI.exe

Winlogon.exe starts userinit.exe.

Winlogon.exe receives SAS and starts LogonUI.exe

LogonUI.exe collects user’s credentials and passes them to LSA; LogonUI.exe exits.

Answer 16

(1) User presses CTRL+ALT+DEL to initiate interactive logon.

(2) Winlogon.exe receives SAS and starts LogonUI.exe.

(3) LogonUI.exe collects user’s credentials and passes them to LSA; LogonUI.exe exits.

(4) LSA uses kerberos.dll authentication package to send user credentials to the domain
controller.

(5) The domain controller’s lsass.exe uses kdcsvc.dll to verify credentials with Active
Directory.

(6) If credentials match, kdcsvc.dll returns relevant information to the workstation.

(7) Workstation’s LSA creates access token with information received.

(8) Access token is passed to winlogon.exe.

(9) Winlogon.exe starts userinit.exe.

(10) Userinit.exe launches explorer.exe with a copy of user’s access token; userinit.exe
exits.